Metasploit contributor (over 16 modules)

S.E.F. - Social Engineering Framework

S.E.F. is a framework to make social engineering easier for pentesters. It contains tons of tools like a tool to generate email addresses based on names found online. It has a tool to send out phishing emails using email templates.


GISKismet is a wireless recon visualization tool to represent data gathered using Kismet in a flexible manner. GISKismet stores the information in a database so that the user can generate graphs using SQL. GISKismet currently uses SQLite for the database and GoogleEarth / KML files for graphing.


PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state. PBNJ parses the data from a scan and stores it in a database. PBNJ uses Nmap to perform scans.


Patch for Nmap that adds banner grabbing functionality to XML and prints it to STDOUT. I may package up a compiled version if/when I get some free time.


Getwifi allows Linux users to join wireless networks easily by joining available networks in an order specified by the user. Getwifi is configured using a single file which specifies networks, optional WEP keys, and the order in which to join networks if more than one is found. This is similar to the functionality offered by Windows XP's wireless networking.


BackTrack is the most Top rated linux live distribution focused on penetration testing. Currently BackTrack consists of more than 300 different up-to-date tools which are logically structured according to the work flow of security professionals. This structure allows even newcomers to find the related tools to a certain task to be accomplished. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up-to-date.

I was on the development team since before BackTrack 1 beta until Backtrack 4. I also convined the dev-team to move to Debian packages based on some Perl automation I wrote.


Fierce is a Perl script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics. This should be considered a pre-cursor to nmap, unicornscan or nessus as it gives you enough information to begin a much more thorough scan with one of those other tools. Also, it can point out DNS entries for hosts that are no longer up or have not yet been put into production.

I have build several patches for Fierce v1 and I'm currently working on Fierce v2 which is a complete re-write using OO.


Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

I added XML functionality to Nikto.


BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF. Some of the basic functionality includes Keylogging and Clipboard Theft.

I have built a few modules and scripts for BeEF as well as contributed various feature requests and improvements.

Open Source Package Maintainer

I am the maintainer of numerous packages included in various Linux distributions including Debian, Ubuntu and Gentoo. They are also included in FreeBSD. These packages are related to PBNJ and security.